A new user interface for you! Read more...

File php5-suhosin-php55.patch of Package php-5.5.37

https://github.com/NewEraCracker/suhosin-patches/blob/master/patches/ext/suhosin.diff
diff -uNr ext/suhosin/ex_imp.c ext/suhosin/ex_imp.c
--- ext/suhosin/ex_imp.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/ex_imp.c	Sat Apr  6 16:14:59 2013
@@ -727,7 +727,7 @@
 
 /* {{{ suhosin_ex_imp_functions[]
  */
-function_entry suhosin_ex_imp_functions[] = {
+zend_function_entry suhosin_ex_imp_functions[] = {
 	PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract)
 	PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables)
 	{NULL, NULL, NULL}
diff -uNr ext/suhosin/execute.c ext/suhosin/execute.c
--- ext/suhosin/execute.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/execute.c	Sat Apr  6 16:14:59 2013
@@ -35,21 +35,27 @@
 #include "zend_compile.h"
 #include "zend_llist.h"
 #include "SAPI.h"
+#include "main/php_version.h"
 
 #include "sha256.h"
 
-
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
+#define IH_EXECUTE_INTERNAL_PARAMS zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC
+#define IH_EXECUTE_INTERNAL_PARAM_PASSTHRU execute_data_ptr, return_value_used TSRMLS_CC
 static void (*old_execute)(zend_op_array *op_array TSRMLS_DC);
 static void suhosin_execute(zend_op_array *op_array TSRMLS_DC);
 static void (*old_execute_ZO)(zend_op_array *op_array, long dummy TSRMLS_DC);
 static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC);
 static void *(*zo_set_oe_ex)(void *ptr) = NULL;
+#else
+#define IH_EXECUTE_INTERNAL_PARAMS zend_execute_data *execute_data_ptr, zend_fcall_info *fci, int return_value_used TSRMLS_DC
+#define IH_EXECUTE_INTERNAL_PARAM_PASSTHRU execute_data_ptr, fci, return_value_used TSRMLS_CC
+static void (*old_execute_ex)(zend_execute_data *execute_data_ptr TSRMLS_DC);
+static void suhosin_execute_ex(zend_execute_data *execute_data_ptr TSRMLS_DC);
+#endif
 
-/*STATIC zend_op_array* (*old_compile_file)(zend_file_handle* file_handle, int type TSRMLS_DC);
-  STATIC zend_op_array* suhosin_compile_file(zend_file_handle*, int TSRMLS_DC);*/
-
-static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC);
-static void (*old_execute_internal)(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC);
+static void (*old_execute_internal)(IH_EXECUTE_INTERNAL_PARAMS);
+static void suhosin_execute_internal(IH_EXECUTE_INTERNAL_PARAMS);
 
 extern zend_extension suhosin_zend_extension_entry;
 
@@ -152,7 +158,7 @@
 			t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
 			if (h == NULL) break;
 							
-			while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+			while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
 				t--;
 			}
 			
@@ -195,7 +201,7 @@
 			t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
 			if (h == NULL) break;
 							
-			while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+			while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
 				t--;
 			}
 
@@ -353,10 +359,16 @@
 	return SUHOSIN_CODE_TYPE_UNKNOWN;
 }
 
-/* {{{ void suhosin_execute_ex(zend_op_array *op_array TSRMLS_DC)
+/* {{{ void suhosin_execute_ex
  *    This function provides a hook for execution */
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRMLS_DC)
 {
+#else
+static void suhosin_execute_ex(zend_execute_data *execute_data_ptr TSRMLS_DC)
+{
+	zend_op_array *op_array = execute_data_ptr->op_array;
+#endif
 	zend_op_array *new_op_array;
 	int op_array_type, len;
 	char *fn;
@@ -579,17 +591,22 @@
 	}
 
 continue_execution:
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 	if (zo) {
 		old_execute_ZO (op_array, dummy TSRMLS_CC);
 	} else {
 		old_execute (op_array TSRMLS_CC);
 	}
+#else
+	old_execute_ex(execute_data_ptr TSRMLS_CC);
+#endif
 	/* nothing to do */
 	SUHOSIN_G(in_code_type) = orig_code_type;
 	SUHOSIN_G(execution_depth)--;
 }
 /* }}} */
 
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 /* {{{ void suhosin_execute(zend_op_array *op_array TSRMLS_DC)
  *    This function provides a hook for execution */
 static void suhosin_execute(zend_op_array *op_array TSRMLS_DC)
@@ -604,11 +621,22 @@
 	suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC);
 }	
 /* }}} */
+#endif
 
-
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+#define IH_HANDLER_PARAMS_REST int ht, zval *return_value, zval **return_value_ptr, zval *this_ptr, int return_value_used TSRMLS_DC
+#define IH_HANDLER_PARAMS internal_function_handler *ih, IH_HANDLER_PARAMS_REST
+#define IH_HANDLER_PARAM_PASSTHRU ih, ht, *return_value_ptr, \
+		(execute_data_ptr->function_state.function->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)?return_value_ptr:NULL, \
+		 execute_data_ptr->object, return_value_used TSRMLS_CC
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
+#define IH_HANDLER_PARAM_FCI_PASSTHRU ih, fci->param_count, *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1 TSRMLS_CC
+#endif
+#else
 #define IH_HANDLER_PARAMS_REST zend_execute_data *execute_data_ptr, int return_value_used, int ht, zval *return_value TSRMLS_DC
 #define IH_HANDLER_PARAMS internal_function_handler *ih, IH_HANDLER_PARAMS_REST
 #define IH_HANDLER_PARAM_PASSTHRU ih, execute_data_ptr, return_value_used, ht, return_value TSRMLS_CC
+#endif
 
 HashTable ihandler_table;
 
@@ -626,12 +654,20 @@
 {
 	zval **regex,
 	     **replace,
-	     **subject,
-	     **limit;
+	     **subject;
 
+#ifndef PHP_ATLEAST_5_3
+	zval **limit;
 	if (ZEND_NUM_ARGS() < 3 || zend_get_parameters_ex(3, &regex, &replace, &subject, &limit) == FAILURE) {
 		return (0);
 	}
+#else
+	long limit = -1;
+	zval **zcount = NULL;
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|lZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) {
+		return (1);
+	}
+#endif
 		
 	if (Z_TYPE_PP(regex) == IS_ARRAY) {
 		zval	**regex_entry;
@@ -1022,6 +1058,7 @@
 	return (0);
 }
 
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4)
 static int suhosin_php_body_write(const char *str, uint str_length TSRMLS_DC)
 {
 #define P_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,NOFOLLOW,NOARCHIVE\" />"
@@ -1065,6 +1102,7 @@
 	RETVAL_TRUE;
 	return (1);
 }
+#endif
 
 
 static int ih_function_exists(IH_HANDLER_PARAMS)
@@ -1072,35 +1110,34 @@
 #ifndef PHP_ATLEAST_5_3
 	zval **function_name;
 #endif
+	char *name;
+	int name_len;
 	zend_function *func;
 	char *lcname;
 	zend_bool retval;
-	int func_name_len;
 	
 #ifndef PHP_ATLEAST_5_3
 	if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &function_name)==FAILURE) {
 		ZEND_WRONG_PARAM_COUNT_WITH_RETVAL(1);
 	}
 	convert_to_string_ex(function_name);
-	func_name_len = Z_STRLEN_PP(function_name);
-	lcname = estrndup(Z_STRVAL_PP(function_name), func_name_len);	
-	zend_str_tolower(lcname, func_name_len);
+	name = Z_STRVAL_PP(function_name);
+	name_len = Z_STRLEN_PP(function_name);
 #else
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &lcname, &func_name_len) == FAILURE) {
-		return;
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) {
+		return (1);
 	}
+#endif
+	lcname = zend_str_tolower_dup(name, name_len);
 
 	/* Ignore leading "\" */
-	if (lcname[0] == '\\') {
-		lcname = &lcname[1];
-		func_name_len--;
+	name = lcname;
+	if (name_len > 0 && lcname[0] == '\\') {
+		name = &lcname[1];
+		name_len--;
 	}
-	lcname = zend_str_tolower_dup(lcname, func_name_len);	
-#endif
 
-	retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS);
-	
-	efree(lcname);
+	retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS);
 
 	/*
 	 * A bit of a hack, but not a bad one: we see if the handler of the function
@@ -1114,26 +1151,28 @@
 	/* Now check if function is forbidden by Suhosin */
 	if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
 		if (SUHOSIN_G(eval_whitelist) != NULL) {
-			if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, func_name_len+1)) {
+			if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), name, name_len+1)) {
 			    retval = 0;
 			}
 		} else if (SUHOSIN_G(eval_blacklist) != NULL) {
-			if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, func_name_len+1)) {
+			if (zend_hash_exists(SUHOSIN_G(eval_blacklist), name, name_len+1)) {
 			    retval = 0;
 			}
 		}
 	}
 	
 	if (SUHOSIN_G(func_whitelist) != NULL) {
-		if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, func_name_len+1)) {
+		if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) {
 		    retval = 0;
 		}
 	} else if (SUHOSIN_G(func_blacklist) != NULL) {
-		if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, func_name_len+1)) {
+		if (zend_hash_exists(SUHOSIN_G(func_blacklist), name, name_len+1)) {
 		    retval = 0;
 		}
 	}
 
+	efree(lcname);
+
 	RETVAL_BOOL(retval);
 	return (1);
 }
@@ -1344,7 +1383,7 @@
 
     suhosin_SHA256Init(&context);
 	suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8);
-	suhosin_SHA256Final(seedbuf, &context);
+	suhosin_SHA256Final((void *)seedbuf, &context);
 }
 /* }}} */
 
@@ -1501,7 +1540,7 @@
 {
 #ifdef PHP_ATLEAST_5_3
 	if (zend_parse_parameters_none() == FAILURE) {
-		return;
+		return (1);
 	}
 #else
         int argc = ZEND_NUM_ARGS();
@@ -1518,7 +1557,10 @@
     { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
     { "mail", ih_mail, NULL, NULL, NULL },
     { "symlink", ih_symlink, NULL, NULL, NULL },
+
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4)
     { "phpinfo", ih_phpinfo, NULL, NULL, NULL },
+#endif
 	
 	{ "srand", ih_srand, NULL, NULL, NULL },
 	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1575,13 +1617,19 @@
 #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
 #define FUNCTION_SIMULATE_WARNING() zend_error(E_WARNING, "SIMULATION - %s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
 
-/* {{{ void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC)
+/* {{{ void suhosin_execute_internal
  *    This function provides a hook for internal execution */
-static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC)
+static void suhosin_execute_internal(IH_EXECUTE_INTERNAL_PARAMS)
 {
 	char *lcname;
 	int function_name_strlen, free_lcname = 0;
+
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+	zval **return_value_ptr;
+#else
 	zval *return_value;
+#endif
+
 	zend_class_entry *ce = NULL;
 	int ht;
 	internal_function_handler *ih;
@@ -1605,13 +1653,6 @@
 		zend_str_tolower(lcname, function_name_strlen);
 	}
 	
-#ifdef ZEND_ENGINE_2  
-	return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr;
-#else
-        return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr;
-#endif
-	ht = execute_data_ptr->opline->extended_value;
-
 	SDEBUG("function: %s", lcname);
 
 	if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
@@ -1663,14 +1704,30 @@
 		void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler;
 		
 		if (handler != ZEND_FN(display_disabled_function)) {
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
+			if(fci != NULL) {
+				retval = ih->handler(IH_HANDLER_PARAM_FCI_PASSTHRU);
+			} else {
+				return_value_ptr = &EX_TMP_VAR(execute_data_ptr, execute_data_ptr->opline->result.var)->var.ptr;
+#elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 4)
+				return_value_ptr = &(*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr;
+#elif (PHP_MAJOR_VERSION == 5)
+				return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr;
+#else
+				return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr;
+#endif
+				ht = execute_data_ptr->opline->extended_value;
 		    retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU);
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
+			}
+#endif
 		}
 		
 		if (retval == 0) {
-			old_execute_internal(execute_data_ptr, return_value_used TSRMLS_CC);
+			old_execute_internal(IH_EXECUTE_INTERNAL_PARAM_PASSTHRU);
 		}
 	} else {
-		old_execute_internal(execute_data_ptr, return_value_used TSRMLS_CC);
+		old_execute_internal(IH_EXECUTE_INTERNAL_PARAM_PASSTHRU);
 	}
 	if (free_lcname == 1) {
 		efree(lcname);
@@ -1686,6 +1743,7 @@
 /* }}} */
 
 
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 /* {{{ int function_lookup(zend_extension *extension)
  */
 static int function_lookup(zend_extension *extension)
@@ -1703,6 +1761,7 @@
 	return 0;
 }
 /* }}} */
+#endif
 
 
 /* {{{ void suhosin_hook_execute()
@@ -1711,6 +1770,7 @@
 {
 	internal_function_handler *ih;
 	
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 	old_execute = zend_execute;
 	zend_execute = suhosin_execute;
 	
@@ -1727,6 +1787,10 @@
 	if (zo_set_oe_ex != NULL) {
 		old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO);
 	}
+#else
+	old_execute_ex = zend_execute_ex;
+	zend_execute_ex = suhosin_execute_ex;
+#endif
 	
 	old_execute_internal = zend_execute_internal;
 	if (old_execute_internal == NULL) {
@@ -1761,11 +1825,15 @@
  */
 void suhosin_unhook_execute()
 {
+#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)
 	if (zo_set_oe_ex) {
 		zo_set_oe_ex(old_execute_ZO);
 	}
 	
 	zend_execute = old_execute;
+#else
+	zend_execute_ex = old_execute_ex;
+#endif
 	
 /*	zend_compile_file = old_compile_file; */
 
diff -uNr ext/suhosin/ifilter.c ext/suhosin/ifilter.c
--- ext/suhosin/ifilter.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/ifilter.c	Sat Apr  6 16:14:59 2013
@@ -146,7 +146,7 @@
 	if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
 			Z_TYPE_PP(tzval) == IS_STRING) {
 		
-		s = t = Z_STRVAL_PP(tzval);
+		s = t = (unsigned char *)Z_STRVAL_PP(tzval);
 		for (; *t; t++) {
 			if (suhosin_is_dangerous_char[*t]) {
 				*t = '?';
@@ -168,7 +168,7 @@
 	if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
 			Z_TYPE_PP(tzval) == IS_STRING) {
 		
-		temp = Z_STRVAL_PP(tzval);
+		temp = (unsigned char *)Z_STRVAL_PP(tzval);
 		
 		t = temp;
 		for (t = temp; *t; t++) {
@@ -195,7 +195,7 @@
 		}
 		*n = 0;
 		
-		Z_STRVAL_PP(tzval) = newv;
+		Z_STRVAL_PP(tzval) = (char *)newv;
 		Z_STRLEN_PP(tzval) = n-newv;
 	}
 }
diff -uNr ext/suhosin/log.c ext/suhosin/log.c
--- ext/suhosin/log.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/log.c	Sat Apr  6 16:14:59 2013
@@ -31,11 +31,18 @@
 #include "SAPI.h"
 #include "ext/standard/datetime.h"
 #include "ext/standard/flock_compat.h"
+#include "main/php_version.h"
 
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#elif defined(PHP_WIN32)
+#include "win32/time.h"
+#endif
+
 #if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
 #undef AF_UNIX
 #endif
@@ -261,7 +268,11 @@
 	/* SAPI Logging activated? */
 	SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript));
 	if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) {
+#if PHP_VERSION_ID < 50400
 		sapi_module.log_message(buf);
+#else
+		sapi_module.log_message(buf TSRMLS_CC);
+#endif
 	}
 
 /*log_script:*/
@@ -317,7 +328,9 @@
 		zval *result = NULL;
 		
 		long orig_execution_depth = SUHOSIN_G(execution_depth);
+#if PHP_VERSION_ID < 50400
 		zend_bool orig_safe_mode = PG(safe_mode);
+#endif
 		char *orig_basedir = PG(open_basedir);
 		
 		char *phpscript = SUHOSIN_G(log_phpscriptname);
@@ -354,14 +367,18 @@
 				
 				SUHOSIN_G(execution_depth) = 0;
 				if (SUHOSIN_G(log_phpscript_is_safe)) {
+#if PHP_VERSION_ID < 50400
 					PG(safe_mode) = 0;
+#endif
 					PG(open_basedir) = NULL;
 				}
 				
 				zend_execute(new_op_array TSRMLS_CC);
 				
 				SUHOSIN_G(execution_depth) = orig_execution_depth;
+#if PHP_VERSION_ID < 50400
 				PG(safe_mode) = orig_safe_mode;
+#endif
 				PG(open_basedir) = orig_basedir;
 				
 #ifdef ZEND_ENGINE_2
diff -uNr ext/suhosin/php_suhosin.h ext/suhosin/php_suhosin.h
--- ext/suhosin/php_suhosin.h	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/php_suhosin.h	Sat Apr  6 16:14:59 2013
@@ -186,6 +186,7 @@
 	int (*old_php_body_write)(const char *str, unsigned int str_length TSRMLS_DC);
 
 /*	session */
+	void	*old_s_module;
 	void	*s_module;
 	int 	(*old_s_read)(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC);
 	int	(*old_s_write)(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC);
@@ -308,7 +309,7 @@
 char *suhosin_cookie_decryptor(TSRMLS_D);
 char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC);
 void suhosin_hook_post_handlers(TSRMLS_D);
-void suhosin_unhook_post_handlers();
+void suhosin_unhook_post_handlers(TSRMLS_D);
 void suhosin_hook_register_server_variables();
 void suhosin_hook_header_handler();
 void suhosin_unhook_header_handler();
diff -uNr ext/suhosin/post_handler.c ext/suhosin/post_handler.c
--- ext/suhosin/post_handler.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/post_handler.c	Sat Apr  6 16:14:59 2013
@@ -148,10 +148,10 @@
 
 	/* we need to tell suhosin patch that there is a new valid destructor */
 	/* therefore we have create HashTable that has this destructor */
-	zend_hash_init(&tempht, 0, NULL, suhosin_post_handler_modification, 0);
+	zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0);
 	zend_hash_destroy(&tempht);
 	/* And now we can overwrite the destructor for post entries */
-	SG(known_post_content_types).pDestructor = suhosin_post_handler_modification;
+	SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification;
 	
 	/* we have to stop mbstring from replacing our post handler */
 	if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
@@ -162,7 +162,7 @@
 	ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation;
 }
 
-void suhosin_unhook_post_handlers()
+void suhosin_unhook_post_handlers(TSRMLS_D)
 {
 	zend_ini_entry *ini_entry;
 
@@ -186,5 +186,3 @@
  * vim600: noet sw=4 ts=4 fdm=marker
  * vim<600: noet sw=4 ts=4
  */
-
-
diff -uNr ext/suhosin/rfc1867.c ext/suhosin/rfc1867.c
--- ext/suhosin/rfc1867.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/rfc1867.c	Sat Apr  6 16:14:59 2013
@@ -35,6 +35,7 @@
 #include "suhosin_rfc1867.h"
 #include "php_ini.h"
 #include "ext/standard/php_string.h"
+#include "main/php_version.h"
 
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
 
@@ -244,21 +245,29 @@
 
 static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
 {
+#if PHP_VERSION_ID < 50400
 	int register_globals = PG(register_globals);
 
 	PG(register_globals) = 0;
+#endif
 	safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC);
+#if PHP_VERSION_ID < 50400
 	PG(register_globals) = register_globals;
+#endif
 }
 
 
 static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
 {
+#if PHP_VERSION_ID < 50400
 	int register_globals = PG(register_globals);
 
 	PG(register_globals) = 0;
+#endif
 	safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
+#if PHP_VERSION_ID < 50400
 	PG(register_globals) = register_globals;
+#endif
 }
 
 /*
@@ -1224,7 +1233,7 @@
 			if ((tmp = strrchr(filename, '/')) > s) {
 				s = tmp;
 			}
-#ifdef PHP_WIN32
+#if defined(PHP_WIN32) && (PHP_VERSION_ID < 50400)
 			if (PG(magic_quotes_gpc)) {
 				s = s ? s : filename;
 				tmp = strrchr(s, '\'');
diff -uNr ext/suhosin/session.c ext/suhosin/session.c
--- ext/suhosin/session.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/session.c	Sat Apr  6 16:14:59 2013
@@ -33,6 +33,7 @@
 #include "ext/standard/php_smart_str.h"
 #include "ext/standard/php_var.h"
 #include "sha256.h"
+#include "main/php_version.h"
 
 #include <fcntl.h>
 
@@ -233,9 +234,94 @@
     zend_bool invalid_session_id;   /* allows the driver to report about an invalid session id and request id regeneration */
 } php_ps_globals_53;
 
+#if PHP_VERSION_ID >= 50400
+typedef struct _php_session_rfc1867_progress_54 {
+
+	size_t    sname_len;
+	zval      sid;
+	smart_str key;
+
+	long      update_step;
+	long      next_update;
+	double    next_update_time;
+	zend_bool cancel_upload;
+	zend_bool apply_trans_sid;
+	size_t    content_length;
+
+	zval      *data;                 /* the array exported to session data */
+	zval      *post_bytes_processed; /* data["bytes_processed"] */
+	zval      *files;                /* data["files"] array */
+	zval      *current_file;         /* array of currently uploading file */
+	zval      *current_file_bytes_processed;
+} php_session_rfc1867_progress_54;
+
+typedef struct _php_ps_globals_54 {
+    char *save_path;
+    char *session_name;
+    char *id;
+    char *extern_referer_chk;
+    char *entropy_file;
+    char *cache_limiter;
+    long entropy_length;
+    long cookie_lifetime;
+    char *cookie_path;
+    char *cookie_domain;
+    zend_bool  cookie_secure;
+    zend_bool  cookie_httponly;
+    ps_module *mod;
+    ps_module *default_mod;
+    void *mod_data;
+    php_session_status session_status;
+    long gc_probability;
+    long gc_divisor;
+    long gc_maxlifetime;
+    int module_number;
+    long cache_expire;
+    union {
+        zval *names[6];
+        struct {
+            zval *ps_open;
+            zval *ps_close;
+            zval *ps_read;
+            zval *ps_write;
+            zval *ps_destroy;
+            zval *ps_gc;
+        } name;
+    } mod_user_names;
+    int mod_user_implemented;
+    int mod_user_is_open;
+    const struct ps_serializer_struct *serializer;
+    zval *http_session_vars;
+    zend_bool auto_start;
+    zend_bool use_cookies;
+    zend_bool use_only_cookies;
+    zend_bool use_trans_sid;    /* contains the INI value of whether to use trans-sid */
+    zend_bool apply_trans_sid;  /* whether or not to enable trans-sid for the current request */
+
+    long hash_func;
+#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+    php_hash_ops *hash_ops;
+#endif
+    long hash_bits_per_character;
+    int send_cookie;
+    int define_sid;
+    zend_bool invalid_session_id;   /* allows the driver to report about an invalid session id and request id regeneration */
+
+    php_session_rfc1867_progress_54 *rfc1867_progress;
+    zend_bool rfc1867_enabled; /* session.upload_progress.enabled */
+    zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */
+    smart_str rfc1867_prefix;  /* session.upload_progress.prefix */
+    smart_str rfc1867_name;    /* session.upload_progress.name */
+    long rfc1867_freq;         /* session.upload_progress.freq */
+    double rfc1867_min_freq;   /* session.upload_progress.min_freq */
+} php_ps_globals_54;
+#endif
+
 #ifdef ZTS
 static ts_rsrc_id session_globals_id = 0;
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+#  define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_54 *, v)
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
 #  define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_53 *, v)
 # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
 #  define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_52 *, v)
@@ -247,7 +333,9 @@
     UNSUPPORTED PHP VERSION
 # endif
 #else
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+static php_ps_globals_54 *session_globals = NULL;
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
 static php_ps_globals_53 *session_globals = NULL;
 # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
 static php_ps_globals_52 *session_globals = NULL;
@@ -294,6 +382,7 @@
     if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
         ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var);
 
+#if PHP_VERSION_ID < 50400
         /* If register_globals is enabled, and
          * if there is an entry for the slot in $_SESSION, and
          * if that entry is still set to NULL, and
@@ -307,6 +396,7 @@
                 *state_var = tmp;
             }
         }
+#endif
     }
     return ret;
 }
@@ -426,7 +516,7 @@
     }
     
     /* store ip value */
-    suhosin_get_ipv4(crypted+4 TSRMLS_CC);
+    suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC);
     
     /* store check value */
     crypted[8] = check & 0xff;
@@ -544,7 +634,7 @@
         if (check_ra > 4) {
             check_ra = 4;
         }
-        suhosin_get_ipv4(&buf TSRMLS_CC);
+        suhosin_get_ipv4(&buf[0] TSRMLS_CC);
         if (memcmp(buf, decrypted+4, check_ra) != 0) {
             goto error_out;
         }
@@ -639,7 +729,12 @@
     }*/
     
     /* protect dumb session handlers */
-    if (key == NULL || !key[0] || *mod_data == NULL) {
+    if (key == NULL || !key[0] ||
+		(*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+		 && !SESSION_G(mod_user_implemented)
+#endif
+		)) {
 regenerate:
         SDEBUG("regenerating key is %s", key);
         KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
@@ -688,7 +783,12 @@
     char *v = (char *)val;
 
     /* protect dumb session handlers */
-    if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
+    if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
+		(*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+		 && !SESSION_G(mod_user_implemented)
+#endif
+		)) {
         r = FAILURE;
         goto return_write;
     }
@@ -731,7 +831,12 @@
     int r;
 
     /* protect dumb session handlers */
-    if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
+    if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
+		(*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+		 && !SESSION_G(mod_user_implemented)
+#endif
+		)) {
         return FAILURE;
     }
     
@@ -763,15 +868,25 @@
     SUHOSIN_G(old_s_destroy) = mod->s_destroy;
     mod->s_destroy = suhosin_hook_s_destroy;
     
+    SUHOSIN_G(old_s_module) = old_mod;
     SESSION_G(mod) = mod;
 }
 
+static void suhosin_unhook_session_module(TSRMLS_D)
+{
+    ps_module *old_mod = SUHOSIN_G(old_s_module);
+
+    if (old_mod != NULL) {
+		SESSION_G(mod) = old_mod;
+    }
+}
+
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
     int r;
 
+    suhosin_unhook_session_module(TSRMLS_C);
     r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
-    
     suhosin_hook_session_module(TSRMLS_C);
     
     return r;
@@ -869,7 +984,7 @@
 
     /* increase session identifier entropy */
     if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
-        
+#ifndef PHP_WIN32
         /* ensure that /dev/urandom exists */
         int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
         if (fd >= 0) {
@@ -877,6 +992,7 @@
             SESSION_G(entropy_length) = 16;
             SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
         }
+#endif
     }
 }
 
diff -uNr ext/suhosin/sha256.c ext/suhosin/sha256.c
--- ext/suhosin/sha256.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/sha256.c	Sat Apr  6 16:14:59 2013
@@ -86,9 +86,11 @@
 		return;
 	}
 
+#if PHP_VERSION_ID < 50400
 	if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
+#endif
 
 	if (php_check_open_basedir(arg TSRMLS_CC)) {
 		RETURN_FALSE;
@@ -392,7 +394,7 @@
 
 /* {{{ suhosin_sha256_functions[]
  */
-static function_entry suhosin_sha256_functions[] = {
+static zend_function_entry suhosin_sha256_functions[] = {
 	PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL)
 	PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL)
 	{NULL, NULL, NULL}
diff -uNr ext/suhosin/suhosin.c ext/suhosin/suhosin.c
--- ext/suhosin/suhosin.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/suhosin.c	Sat Apr  6 16:14:59 2013
@@ -32,8 +32,12 @@
 #include "zend_llist.h"
 #include "zend_operators.h"
 #include "SAPI.h"
+
+#if PHP_VERSION_ID < 50500
 #include "php_logos.h"
 #include "suhosin_logo.h"
+#endif
+
 #include "ext/standard/php_string.h"
 #include "ext/standard/url.h"
 #include "ext/standard/base64.h"
@@ -189,9 +193,11 @@
 
 static void suhosin_shutdown(zend_extension *extension)
 {
+	TSRMLS_FETCH();
+
 	suhosin_unhook_execute();
 	suhosin_unhook_header_handler();
-	suhosin_unhook_post_handlers();
+	suhosin_unhook_post_handlers(TSRMLS_C);
     
     if (ze != NULL) {
 	    ze->startup = orig_module_startup;
@@ -646,12 +652,16 @@
 				array_init(gpc_element);
 				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 			} else {
+#if PHP_VERSION_ID < 50400
 				if (PG(magic_quotes_gpc) && (index != var)) {
 					/* no need to addslashes() the index if it's the main variable name */
 					escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
 				} else {
+#endif
 					escaped_index = index;
+#if PHP_VERSION_ID < 50400
 				}
+#endif
 				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
 					MAKE_STD_ZVAL(gpc_element);
@@ -683,11 +693,15 @@
 		if (!index) {
 			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 		} else {
+#if PHP_VERSION_ID < 50400
 			if (PG(magic_quotes_gpc)) { 
 				escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
 			} else {
+#endif
 				escaped_index = index;
+#if PHP_VERSION_ID < 50400
 			}
+#endif
 			/* 
 			 * According to rfc2965, more specific paths are listed above the less specific ones.
 			 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
@@ -714,11 +728,15 @@
 	
 	/* Prepare value */
 	Z_STRLEN(new_entry) = str_len;
+#if PHP_VERSION_ID < 50400
 	if (PG(magic_quotes_gpc)) {
 		Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC);
 	} else {
+#endif
 		Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
+#if PHP_VERSION_ID < 50400
 	}
+#endif
 	Z_TYPE(new_entry) = IS_STRING;
 
 	suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC);
@@ -1100,8 +1118,10 @@
 	suhosin_hook_sha256();
 	suhosin_hook_ex_imp();
 
+#if PHP_VERSION_ID < 50500
 	/* register the logo for phpinfo */
 	php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo, sizeof(suhosin_logo));
+#endif
 
 #if PHP_MAJOR_VERSION < 5
 	php_error_docref(NULL TSRMLS_CC, E_ERROR, "Suhosin Extension is not designed to run with PHP 4 and below. Erroring Out.");
@@ -1191,6 +1211,8 @@
 PHP_MINFO_FUNCTION(suhosin)
 {
 	php_info_print_box_start(0);
+
+#if PHP_VERSION_ID < 50500
 	if (!sapi_module.phpinfo_as_text) {
 		if (PG(expose_php)) {
 			PUTS("<a href=\"http://www.suhosin.org/\"><img border=\"0\" src=\"");
@@ -1227,6 +1249,7 @@
 			PUTS("\" alt=\"Suhosin logo\" /></a>\n");
 		} while(0);
 	}
+#endif
 	PUTS("This server is protected with the Suhosin Extension " SUHOSIN_EXT_VERSION);
 	PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n");
 	if (sapi_module.phpinfo_as_text) {
diff -uNr ext/suhosin/treat_data.c ext/suhosin/treat_data.c
--- ext/suhosin/treat_data.c	Thu Jan 19 15:49:18 2012
+++ ext/suhosin/treat_data.c	Sat Apr  6 16:14:59 2013
@@ -194,7 +194,12 @@
 
 void suhosin_hook_treat_data()
 {
+#if PHP_VERSION_ID < 50400
 	sapi_register_treat_data(suhosin_treat_data);
+#else
+	TSRMLS_FETCH();
+	sapi_register_treat_data(suhosin_treat_data TSRMLS_CC);
+#endif
 #ifdef ZEND_ENGINE_2
 	if (old_input_filter == NULL) {
 		old_input_filter = sapi_module.input_filter;